Research Summary: Ethereum Name Service: the Good, the Bad, and the Ugly

TLDR

  • Traditional domain names are controlled by centralised entities and possess several design flaws that make them less secure.
  • Although the Ethereum Name Service (ENS) offers blockchain based alternatives to traditional domain names, this study is the first targeted research on the service.
  • This large-scale study reveals that ENS is indeed popular with unique uses but still possesses a number of security risks that should be addressed by the community.

Core Research Question

What is the adoption level of ENS in the community and in what ways is it being used? What underlying security issues prevail in the system?

Citation

Xia, P., Wang, H., Yu, Z., Liu, X., Luo, X., & Xu, G. (2021). Ethereum name service: the good, the bad, and the ugly. arXiv preprint arXiv:2104.05185.

Background

  • Domain Name: A domain name for a website can be likened to the address of a house. Domain names allow a website to be easily found and accessed by users and networks on the Internet. Examples include google.com and medium.com. Domain names were introduced as a user-friendly replacement to the Internet Protocol (IP) address.
  • Domain Name System (DNS): A network protocol that helps map domain names with network information such as IP addresses. Mapping is operated in a hierarchical manner with top-level domains like .com, .org, .edu, and several others.
  • Top-level domains (TLDs): The last part of a domain name represented after the dot. In the domain name google.com, .com is the TLD. They are managed by organisations such as the Internet Corporation for Assigned Names and Numbers (ICANN).
  • Second level domains (2LDs): The part of a domain name that comes before the TLD. In google.com, google is the 2LD.
  • Zooko’s Triangle: This triangle proposed by Zooko Wilcox-O’Hearn states three essential properties an ideal name system should possess. These include that a name system should be human-meaningful, secure, and decentralised. Zooko believed that a name system could not possess all three properties and must compromise on a third.
  • Blockchain Name Service (BNS): A blockchain based alternative to DNS that claims to be a solution to Zooko’s triangle. Early BNS models like Namecoin and Handshake seek to totally replace the traditional DNS.
  • Ethereum Name Service (ENS): A BNS model built on the Ethereum blockchain. ENS uses smart contracts to perform the function of traditional domain name registrars and map human readable names to machine-readable identifiers.
  • Resolver: A kind of smart contract that stores the mapping of domain names to records and is responsible for the actual process of translating names into Ethereum addresses. These records may also include content hashes and text records.
  • Registry: A single smart contract used to maintain a list of all the domains and subdomains on ENS. In this contract, three pieces of information about each of these domains are stored: the owner of the domain, the resolver for the domain, and the caching time-to-live for all records under the domain.
  • Registrar: Another smart contract on ENS that owns a name, and can automatically assign subdomain names to other users based on certain rules and conditions.
  • Labelhash: The output of the keccak-256 function applied to a label. A label is a single part of a domain name, e.g. in the bob.eth domain name, the labels would be bob or eth.
  • Namehash: A function that creates a fixed length 256-bit cryptographic hash for any complete human-readable domain name on ENS, e.g. bob.eth. The output of this function is referred to as a node hash (not to be confused with node client). ENS works with these node hashes to uniquely identify domain names on the system instead of human-readable names.
  • Content Hash: A unique hash identifier for content which can be obtained when files are uploaded to storage systems like the InterPlanetary File System (IPFS). ENS introduced this field for resolver contracts to map content to a specific domain name.
  • Text Record: Managed by the resolver, this field is used to attach any random data to an ENS name. This may include email addresses, URLs, social media profiles, description of the name owner, and any other metadata the user wishes to add.
  • Event Logs: Used to describe an event within a smart contract. In the case of ENS, this could be name registration, name expiry, subdomain name creation, and a variety of other activities carried out by the ENS smart contracts.
  • Geth: One of the three original implementations of the Ethereum protocol used for implementing a node. It is written in Go, fully open source and licensed.
  • Alexa: Top website popularity ranking site owned by Amazon. To be shut down by 1 May 2022.
  • Application Binary Interface (ABI): An ABI is a contract between pieces of binary code. It defines how functions would be called and how these unrelated pieces of code must work together.
  • Vickrey Auction: A type of auction in which the highest bidder pays the second highest bid for the item auctioned. It is also known as a sealed-bid second-price auction (SBSPA) because the bidders submit written bids and the bids of others are not shared publicly.
  • Permanent Registrar: Deals with the registration and annual rent payment of names over 6 characters in length. Was put in place on May 4th 2019.
  • Short Name Claim: The period in July 2019 when ENS allowed the reservation of .eth names with the length of 3 - 6 by persons who possessed eligible equivalents in the traditional DNS system.
  • Short Name Auction: The auction process conducted on OpenSea in September 2019 where ENS sold names using an English auction. The winning bid was the registration fee for the first year of the lifespan of the domain name.
  • The Great Renewal: The renewal period in August 2020 for all names registered during the Vickrey auction period.
  • Domain Squatting: Purchasing a domain name, usually a popular or generic one, to prevent others including the rightful owners from purchasing or profiting from its use.
  • Record Persistence: The maintenance of ENS name and subdomain name records even after the expiry of the name itself.

Summary

  • With its strength in immutability and decentralisation, blockchain technology has been applied to improve the traditional DNS. Some of these BNS solutions like Handshake, Namecoin, EmerDNS and UnstoppableDomains aim to totally replace DNS.
  • ENS, a BNS built on the Ethereum blockchain, is different because it seeks to complement and not replace the traditional DNS with its features. At the time of the writing of the paper, ENS had clocked four years since its launch but had no significant research done on its benefits, use, and security risks. This study aims to correct this.
  • ENS was launched in March 2017 but was shut down after two malfunctions were discovered in the code. It was relaunched in May that same year with 192,471 registered in the first 7 months using a Vickrey auction.
  • Darkmarket.eth was the most valuable name with a price of over 20,000ETH at the time. The winning bidder got the name at the second highest bid price while the losers would receive a refund of 0.5% less than their original bid deposits.
  • The Vickrey auction was replaced in 2019 with the permanent registrar and the registrar controller. Annual renewal fees for names with more than 6 characters started at $5 every year. The registrar controller introduced the possibility of delegating name management to another Ethereum address.
  • The short name claim period in July 2019 gave owners of traditional TLDs and 2LDs the opportunity to pay advance rent for ENS name equivalents or variants. Famous traditional websites like NBA and Ebay applied for .eth names during this period. Prices for names were adjusted to $640 for 3 character names, $160 for 4 character names, and $5 for 5 - 6 character names.
  • Names relating to popular brands like ‘apple’ and ‘google’ and names relating to terms like ‘sex’ and ‘porn’ received much attention during the short name auction on OpenSea in September 2019.
  • Today, ENS has evolved and now shares similarities with traditional domain names. Prices for name registration and annual renewal are now dependent on the length of the name. Anyone can renew a name during the 90-day grace period after its expiration.
  • The most widespread use of ENS has been proven to be as an alternative to blockchain addresses. Other uses include to set content hashes, public key records, descriptions and text records.
  • There are obvious signs of domain squatting. These include explicit squatting by claiming names of known brands and typo-squatting.
  • Bad actors are also exploiting ENS for illegal and malicious purposes like linking to gambling websites, adult content, and scam activities.
  • Record persistence attacks also pose more security risks to users. ENS maintains records on names even after their expiry dates.
  • ENS shows a promising future but still needs to be properly studied and monitored.

Method

  • The authors employed a thorough tripartite quantitative approach to collect the primary dataset used for the research.
  • The first step was to collect from Etherscan all ENS official smart contracts related to name registration and name renewal which are the core functions of ENS. These contracts include registry contracts, resolver contracts, registrar contracts, registrar controller contracts and a short name claim contract.
  • Then, Geth was used to synchronise the Ethereum ledger and extract event logs. Each contract’s ABI was fetched and used to decode the event logs. Through this, it was possible to get name-owner mappings, name resolver mappings from registry contracts, name records history from resolver contracts, and auction/registration history from registrar contracts. Extra open source resolvers were added with their event logs fetched and decoded based on their ABIs.
  • Last, the hash values of the ENS names were restored to readable names. This was done by first accessing the name-hash dictionary of ENS developers uploaded on Dune Analytics. Then the labelhashes of over 460,000 English words and Alexa’s top 100,000 domain list were compared to the hashes in the registry event logs to obtain their readable values.
  • Non-ETH addresses, content hashes, and text records were also decoded based on the rules in their ENS documentation: EIP-2304, EIP-1577, and EIP-634.
  • Data on the Short Name Auction was obtained by analysing the data shared by OpenSea in the ENS blog. This was because the auction was conducted on OpenSea and ENS contracts’ event logs did not have details of the auction.
  • As arbitrary text records are set in the form of key-value records with predefined keys, an analysis was performed on the keys of these text records without the empty values to obtain their content.
  • To check for explicit squatting, the labelhash of each 2LD in the Alexa list was matched with its corresponding labelhash in an ENS name. The test is whether an Ethereum address has more than one famous brand’s domain name; if so, it must be a squatter as these brands are not owned by the same person.
  • To detect typosquatting, dnstwist is used to generate typo-squatting variants of Alexa top 100,000 names. Dnstwist can create different typo-squatting variants through methods like addition, bitsquatting, homoglyphs, hyphenation, insertion, omission, repetition, replacement, transposition, vowel-swap, and various. All Alexa top 100,000 domains are input into dnstwist and the labelhashes of their 2LDs are calculated to check if the squatting names have been registered on ENS.
  • To check the possibility of bad actors exploiting ENS functionalities to deliver malicious or illegal web contents, all URLs obtained from the text records and content hashes are first uploaded to VirusTotal. Then, Eyewitness is used to get the screenshots and source codes of these websites.
  • This data is subsequently uploaded to Google Cloud Natural Language API and Vision API to check if the URLs contain censored content. Suspicious URLs are all manually inspected to reduce false positives.
  • To check if blockchain addresses stored in ENS are used for malicious purposes, a scam address list is compiled from sources like Etherscan, Bloxy, BitcoinAbuse, and CryptoScam. The list is then matched for similarities to get results.

Results

  • By employing the method above, the authors obtained ledger information up to block 10,746,639 (i.e., 2020-08-28 03:03:42 UTC) on Ethereum. Therefore, all results discussed were obtained in this time frame. A total of 2 million registry logs, 3.4 million registrar logs, 200 thousand resolver logs, and over 3,000 transactions related to text records were obtained.

  • Since the launch of ENS, 107,617 addresses have participated in the registration of 465,827 ENS names. 183,000 of these names were still active at the time of the study. 2,254 traditional DNS names have also been integrated on ENS.

  • Over 35% of active addresses own more than one ENS name. An address 0xbcbd4885ee8b2b74249c5ad9b8b668fb256a51b1 had registered up to 2,262 names including common words and names of famous brands.

  • ENS names with more than 6 characters are more popular due to the reduced costs of purchase. 54% of active names are those with 5 - 8 characters.

  • A total of 361,751 names were bid on during the Vickrey auction with 274,052 registered. 17,625 addresses took part in the auction with 45% of bids placed at 0.1ETH.

  • 7,670 names were sold for a total of 5,697ETH during the Short Name Auction. Decentraland went on ENS in February 2020. Over 12,000 subdomains were created from its own domain name.

  • Users are taking advantage of the ENS feature of assigning records to a name. 140,000 names have set records over 170,000 times. Most records contain blockchain addresses with Ethereum being the most preferred at 114,542 setting records. BTC comes closely after with other variations like LTC, BNB, XRP, and BCH.

  • Content hashes records were discovered in 5,300 names with 98% of them set for IPFS and Swarm. Text records are mainly used to store URLs. 50% of these URLs are set to subdomains of OpenSea.

  • Text records containing descriptions of the name, links to Twitter accounts, and customised key words were also found. There are 44 customised keywords in 214 record settings of ENS names.

  • 15,179 ENS .eth explicit squatting names controlled by 1,532 Ethereum addresses were found. The address topping the list of top 10 holders of these kinds of squatting names holds up to 933.

  • 85% of the 3,775 squatting names set to records were set to blockchain address records. Ethereum tops the list with OpenSea links and IPFS websites following closely. Some addresses have transferred their squatting names.

  • 18,483 ENS typo-squatting names have been identified. These names target 13,450 Alexa names. The most popular typo-squatting variant is bitsquatting with 5,000 variants found. More than 52% of these names were active at the time of the study.

  • Addresses have been registering suspicious ENS squatting names since the initial Vickrey auction period. This trend maintains a steady rise and fall from then to the time of the study.

  • Three scam addresses have been registered in the ENS system at the time of the study. These include airdrop scams and Ponzi schemes.

  • 19 malicious websites involved in gambling, adult content, and scam activities are found linked to ENS name records.

  • ENS name records persist even after name expiration. 16,017 expired .eth names still have records within them alongside their 3,116 subdomains.

Discussion and Key Takeaways

  • ENS has built steady popularity since its launch in 2017.
  • It is proving to be a complementary tool to the existing DNS service.
  • ENS names are now being used for dWebs and traditional websites.
  • It inherited the attributes of blockchain technology: immutability, transparency and decentralisation.
  • Rare names and names with popular words are in high demand. Users are trying to get as many names as they can.
  • The most common use of ENS name records is to link blockchain addresses. Other uses include to store content hashes, and text records.
  • Several security issues like domain name squatting and malicious behaviours found in traditional DNS still plague the ENS system.
  • New security issues posed by the use of smart contracts also exist. ENS names are highly prone to record persistence attacks. An attacker can renew a name after expiry and edit the records. Innocent buyers who are unaware of this change may still associate the .eth name with the old owner and use it in transactions.
  • Given the fact that ENS names are ERC 721 tokens, could their acquisitions be based on their market profit in the future?
  • What are the privacy implications for the user of this service? ENS allows users to link blockchain addresses and custom records to human readable names. If a user publishes this human readable name on a platform like Twitter, it could make way for third party surveillance of the user’s address activity and balance.

Implications and Follow-ups

  • It can be inferred from its active users and integrations with dApps and traditional TLDs that ENS has a healthy ecosystem.
  • There need to be new solutions to enhance the security of ENS due to its inherent security risks.
  • Users need to cross-check the addresses under an ENS name before approving any transaction or interaction with them.
  • The ENS team aims to scale the service on Layer 2 and is working towards more integrations with traditional 2LDs. This will help reduce costs and facilitate use.
  • The authors acknowledge that there have been several studies on the designs of BNSs. Hari et al. propose a distributed, tamper-resistant DNS infrastructure as a solution to the limitations of traditional DNS and its dependence on Public Key Infrastructures (PKIs).
  • Guan et al. present a domain authentication scheme, AuthLedger, to reduce trust in certificate authorities. Other studies like He et al. seek to put forward discussions on how to improve the security of DNS nodes. He et al. put forward a novel decentralised DNS root management architecture based on a permissioned blockchain.
  • Gourley et al. is also cited for their proposal of an improved DNSSEC based on blockchain.
  • Other works relating to the analysis of BNS systems are also cited. The empirical analysis by Kalodner et al. on Namecoin is mentioned. Works that border on the properties of BNS systems like that of Patsakis et al. are also mentioned. Patsakis et al. analyze security threats to BNS systems such as malware, underlying registrar mechanism, domain market, phishing, motivation and immutability.
  • Liu et al. and Karaarslan et al. compare the designs of several blockchain-based DNSs including ENS.
  • The authors note that there has been no worthy mention of systematic study of ENS besides their work.

Applicability

  • The methods used by the researchers can be employed by the community and ENS developers to conduct more research and improve the system.
  • DApp and Blockchain wallet providers who integrate ENS functionalities should apply the methods in this research paper to detect these security issues and warn users.
  • Methods in this work can be used to study other BNS solutions.
5 Likes
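
Added example (not part of the original post or the paper's code): a Python sketch of the labelhash and namehash definitions from the Background list and of two Method steps, restoring logged labelhashes from a word list and flagging addresses that hold more than one brand 2LD. Keccak-256 is written out inline because `hashlib.sha3_256` is NIST SHA-3 and produces different digests; the function names, owner strings and word lists are constructed for illustration, and ENS name normalisation is omitted.

```python
MASK64 = (1 << 64) - 1

def _rol64(a, n):
    n %= 64
    return ((a << n) | (a >> (64 - n))) & MASK64

def _keccak_f1600(state):
    """Keccak-f[1600] permutation over a 200-byte state; returns a new bytearray."""
    lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
              for y in range(5)] for x in range(5)]
    lfsr = 1
    for _ in range(24):
        # theta: mix each column's parity into the neighbouring columns
        c = [lanes[x][0] ^ lanes[x][1] ^ lanes[x][2] ^ lanes[x][3] ^ lanes[x][4] for x in range(5)]
        d = [c[(x + 4) % 5] ^ _rol64(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [[lanes[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho and pi: rotate each lane and move it to its new position
        x, y = 1, 0
        cur = lanes[x][y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, lanes[x][y] = lanes[x][y], _rol64(cur, (t + 1) * (t + 2) // 2)
        # chi: non-linear step along each row
        for y in range(5):
            row = [lanes[x][y] for x in range(5)]
            for x in range(5):
                lanes[x][y] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: round constant produced by an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                lanes[0][0] ^= 1 << ((1 << j) - 1)
    out = bytearray(200)
    for x in range(5):
        for y in range(5):
            out[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")
    return out

def keccak256(data, suffix=0x01):
    """Sponge with rate 136. suffix 0x01 = original Keccak (Ethereum); 0x06 = NIST SHA3-256."""
    rate = 136
    padded = bytearray(data) + bytes([suffix]) + bytes((-len(data) - 1) % rate)
    padded[-1] ^= 0x80  # closing bit of the pad10*1 rule
    state = bytearray(200)
    for off in range(0, len(padded), rate):
        for i in range(rate):
            state[i] ^= padded[off + i]
        state = _keccak_f1600(state)
    return bytes(state[:32])

def labelhash(label):
    # Assumes the label is already normalised (lowercase here).
    return keccak256(label.encode("utf-8"))

def namehash(name):
    """Fold labels right to left: node = keccak256(parent_node + labelhash(label))."""
    node = bytes(32)  # the root node is 32 zero bytes
    if name:
        for label in reversed(name.split(".")):
            node = keccak256(node + labelhash(label))
    return node

def restore_labels(logged_hashes, wordlist):
    """Dictionary lookup: hash every candidate word, keep those seen in the logs."""
    table = {labelhash(w): w for w in wordlist}
    return {h: table[h] for h in logged_hashes if h in table}

def explicit_squatters(registrations, brand_labels):
    """registrations: (labelhash, owner) pairs. Flags owners holding more than one brand 2LD."""
    brands = {labelhash(b): b for b in brand_labels}
    held = {}
    for h, owner in registrations:
        if h in brands:
            held.setdefault(owner, set()).add(brands[h])
    return {owner: sorted(names) for owner, names in held.items() if len(names) > 1}

BRANDS = ["google", "apple", "amazon"]  # constructed stand-in for Alexa 2LDs
LOGS = [(labelhash(l), o) for l, o in [("google", "0xOWNER_A"), ("apple", "0xOWNER_A"),
                                        ("amazon", "0xOWNER_B"), ("zq7-unlisted", "0xOWNER_B")]]

if __name__ == "__main__":
    print("namehash(foo.eth) =", namehash("foo.eth").hex())
    print("restored:", sorted(restore_labels([h for h, _ in LOGS], BRANDS).values()))
    print("flagged:", explicit_squatters(LOGS, BRANDS))
```

Labels that are not in the word list stay unresolved, which is why the dictionary step bounds how many registered names any squatting check can see.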

Thanks so much for coming to the forum and contributing this – what do you make of ENS’ recent governance struggles and have they recovered from them?

2 Likes

Thank you for your question @jmcgirk. The recent situation around the proposal to remove Brantly Millegan as Director of the ENS Foundation was just a clear cut proof of DAOs doing exactly what they were made to do: decentralizing decision making. The majority voted against the proposal. This majority turned out to be Brantly himself who had attained so much voting power because others delegated their ENS tokens to him; a perfectly legitimate occurrence.

While the proposal to oust him was being voted on, a subsequent proposal to choose a new Director was also held. The results of this new choice would only be valid if the proposal to oust Brantly received a majority yes vote, which it did not. Currently, Brantly still remains the Director of the ENS Foundation though he is no longer a steward of the DAO or a part of True Names Ltd. All thanks to decentralization.

Here’s a link to the two proposals on Snapshot.
[EP6.1] [Social] Removal of Brantly Millegan as Director of The ENS Foundation

[EP6.2] [Social] Election of a new Director of The ENS Foundation

Here’s a link to Brantly’s response to the outcome of the vote.
Message to the community on the finalization of the EP6.1 vote

3 Likes

Thank you very much – and I agree, it’s definitely proof that decentralized decision-making is really making a difference!

2 Likes

Hey @Favvz nice summary.

Reading this, I don’t get the sense that ENS or other BNS are particularly better than DNS. It’s like the same issues but on a blockchain. Do you think the same?

Also I am curious what is actually the main use of ENS. For me, it is mainly people showing that they have a .eth on Twitter.

3 Likes

Could you describe a little more the similarity that you see between BNS and DNS as being the same issue?

In some ways, I see where you are going, but doesn’t migrating to being on chain make this fundamentally different from scalability, centralization, and security perspectives?

3 Likes

Thank you @jyezie I actually agree with your first point. The authors agree too. The issues DNS have are quite heightened in BNS solutions because of the very same qualities that give blockchain technology its hype. I’m talking about immutability here and transparency. Everyone sees everything. Then, take the record persistence issue that was raised. On DNS, we knew it was alarming that someone could register your name if you were late with your domain name renewal. But on BNS solutions, your domain name as well as your metadata is at risk. You can unregister a name but only while you are still in control of it. And even though the name would be unregistered, the records still show that you owned the name during that time. It is never erased. There’s also more motivation for domain squatting seeing as .eth names are actually NFTs. People want to collect them.

In response to your second question, yes, the use of .eth names on Twitter is quite a spectacle. I would insert a laughing emoji if I could. But we cannot deny that the first point of ENS names was to give blockchain addresses human readable names. If I might say, give people in web3 more readable identities. Just like how we now have domain names for the internet after the era of IP addresses. Anyone showing their .eth names on Twitter is just helping champion the cause.

However, the main selling point I see with ENS and other BNS solutions is the quality of decentralisation. That elimination of intermediaries. You have full control. Asides being in control of your own domain name, you could also directly create, manage, and sell subdomain names to others. You could reclaim these subdomain names in case of any breach. That is a lot of independence. When you combine ENS and IPFS, the decentralised file storage system, censorship resistant websites actually seem possible.

So as always with technology there’s always the good and the bad. It all depends on how we answer and act on these kinds of questions.

3 Likes

Thank you for your question @zube.paul. The only similarity I identify between DNS and BNS solutions is the fact they are both made for domain name registration. Asides that, there’s really no other similarity. They approach this problem with different techniques and are exact opposites on the grounds of scalability, centralization, and security, just like you identified.

3 Likes

Since the traditional name service and DNS have been widely adopted by the developers and administrators worldwide, I wonder what angle of attack could allow ETH Name Service to disrupt the industry in the upcoming decade?

5 Likes

Can you give us a sense of the kind of applications we might see ENS being used for on L2?

4 Likes

I don’t think we can expect an immediate overhaul but it’s surely growing. At the time this study was conducted in 2021, the number of active names recorded was 183,162. Now, in less than a year, by its 5th anniversary, ENS has grown to over 1.12 million names registered on its platform with 503 integrations. These integrations have been with the likes of Coinbase, Trust Wallet, Brave, Metamask, Etherscan, Snapshot, Aragon, BanklessDAO, Balancer, Chainlink, Mirror, and Opera. More integrations are to come.

In a world where web3 products go mainstream, I believe that services like ENS would be more sought after for seamless functionality.

Here’s a link to an article on the next steps ENS plans for growth:
1 Million names and the next milestone

4 Likes

Thank you @Favvz for this research summary. I have personally used ENS and I find this study very interesting. This is the only in depth research paper I have seen about ENS as well.

I will also try to answer @jyezie’s questions about main use cases. Although, most of it was covered in the OPs Key Takeaway section, I will try to expand on it and give some context to it.

First to address the concern

I think definitely yes. They play a part in the NFT speculation market that is going on right now. The following facts seem to support it. Some of these numbers are just mind boggling.

  • The entire NFT Market Cap is currently at $12 Billion.
  • The highest sale for an ENS is 420 wETH.
  • The market participants also speculate on the ENS token - which is a governance token of the Ethereum Name Service. ENS currently trades at ~$10 with a market cap of ~$200M, while reaching an all time high of ~$82 with a market cap of $1.6 Billion.
  • This is also equally fueled by celebrities owning ENS and posting them on twitter among others. The current minimum price (floor) for 3 digit numerical ENS (Ex. 00x) is 14.5 ETH and the highest sale at 83.5 ETH for 003.eth.
  • ENS in its peak also generated $1M a day in revenue.

These numbers go to show that there is definitely more monetary interest in ENS trading than in its use cases. The question that still remains is - How can we aim for global mass adoption with such squatting (as shown in the OP’s post) of ENS names? Would we have the same problems as we have currently in the regular DNS?

ENS would continue to have value as long as the Ethereum L1 exists and continue to scale. To take it a step further, I think the same ENS problems/issues will also be in any other competing naming systems by other smart contract protocols.

Having said that, I think ENS is a perfect way for blockchain address both for visualization and memory. Every application and use case built on Ethereum will want to represent themselves with a .eth domain be it on twitter or in any future decentralized social media.

  • The next big use case after using it as a wallet, is representing content hashes on a decentralized file storage system to point to some text or metadata of some sort, this data can also be a website. By having some website on IPFS one can obtain a Content Identifier (CID) which is a sha-256 type hash and the ENS records can be updated to point to that CID and hence your website. As far as I am aware, the website cannot be altered without changing the CID.

    These websites need to be accessed through web3 browsers like Metamask or Brave. To overcome the browser limitation, there is something called ETH DNS where normal browsers can be used to access the ENS domain with .link at the end of the ENS like - https://vitalik.eth.link/ . Here is a reference if you want to dig deeper.

  • I can also imagine some sort of identity related services using ENSs like voting in polls etc. Although I am not sure how can that actually be implemented.

  • One can also create and rent out subdomains of an organization. I can imagine something like KFC.eth to have a subdomain like NY.KFC.eth. Synonymous to DNS and emails.

It is very exciting to see what applications and use cases unfold through ENSs as they currently seem to be limited as far as our imagination goes. I would like to end this comment by posing a question to the community. Will we have a universal decentralized domain naming system or is a multichain domain system the future? Given that .ENS now has Multi-coin support.

2 Likes